Office Protect Event - File Shared Publicly (anonymous)

In a business setting, there are few good reasons to share business files with anonymous recipients. Doing so defeats all tracking and compliance mechanisms around data extraction. Users should always share files with specific users or guests.


This event is triggered when a user creates a link to a file using the "Anyone with the link" option in SharePoint or OneDrive. To put it simply, anyone on the internet who has the link can see your file.


Remediation

 

It is preferable to validate the content of the shared file. Office Protect provides the full path of the file or folder in the event. It is also possible to prevent users from sharing files publicly in Microsoft 365 through the SharePoint Admin Center: simply lower the permission slider to New and existing guests. This forces users to select the specific people to share the file with. Note that it is also possible to limit link sharing to specific domains; this setting is available in Advanced Options.


External sharing settings in the new SharePoint admin center
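
The slider change described above can also be scripted with the SharePoint Online Management Shell. The following is an added example, not part of the original article or of Office Protect; the admin URL and domain names are placeholders, and the script only reports unless `-Apply` is passed.

```powershell
# Added example: report on, and optionally remove, "Anyone" link sharing.
# Requires the Microsoft.Online.SharePoint.PowerShell module and SharePoint admin rights.
param(
    [Parameter(Mandatory)]
    [string]   $AdminUrl,             # placeholder, e.g. https://contoso-admin.sharepoint.com
    [string[]] $AllowedDomains = @(), # optional, e.g. partner.example (constructed value)
    [switch]   $Apply                 # without -Apply nothing is changed
)

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $AdminUrl

# Slider position to SharingCapability value:
#   Anyone                   -> ExternalUserAndGuestSharing
#   New and existing guests  -> ExternalUserSharingOnly
#   Existing guests          -> ExistingExternalUserSharingOnly
#   Only your organization   -> Disabled
$tenant = Get-SPOTenant
Write-Output "Tenant sharing level: $($tenant.SharingCapability)"

# SharePoint sites that currently allow anonymous links. A site can never be
# more permissive than the tenant, so lowering the tenant level closes these too.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
    Select-Object Url, SharingCapability |
    Format-Table -AutoSize

if ($Apply) {
    if ($tenant.SharingCapability -eq 'ExternalUserAndGuestSharing') {
        # Equivalent to moving the slider down to "New and existing guests".
        Set-SPOTenant -SharingCapability ExternalUserSharingOnly
    }
    if ($AllowedDomains.Count -gt 0) {
        # Equivalent to the domain restriction under Advanced Options.
        # The allow list is a single space-delimited string.
        Set-SPOTenant -SharingDomainRestrictionMode AllowList `
                      -SharingAllowedDomainList ($AllowedDomains -join ' ')
    }
    Get-SPOTenant |
        Select-Object SharingCapability, SharingDomainRestrictionMode, SharingAllowedDomainList
}
```

Run it once without `-Apply` to see which sites allow anonymous links before changing the tenant setting.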


Microsoft Documentation on External Sharing: https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off